We at ISMS Connect have no interest in collecting data from you that we don’t need to fulfill our service.
See below what type of data we handle and why. Feel free to contact us at any time with your questions regarding privacy.
– Christopher Eller, owner of ISMS Connect –
ISMS Connect (Owner: Christopher Eller) is responsible for the processing of data in accordance with Art. 4 Para. 7 of the GDPR. The contact details can be found in the imprint.
As a user, you have the following rights with regard to your personal data:
Right to information, right to rectification or deletion, right to restriction of processing, right to object to processing, right to data portability, right to withdraw consent.
You have the right and the possibility to complain to a data protection supervisory authority about the processing of your personal data. If you have any problems with this website, please write us a message.
We commission service providers for individual services or functions of this website. These subprocessors are carefully chosen and bound by an order processing contract.
Below you will find a description of each data processing procedure as well as a detailed description of the legal basis for the data collection and the retention times.
Regarding retention: Please note that our system backups may contain your personal data. So if the retention time expires or you delete your account, it may take an additional 30 days until all information is completely gone from our backup systems.
If you contact us (for example to get an offer or information about our product) by e-mail or the contact forms provided, the information you provide will be stored in order to answer your request and help you with additional requests. We will link multiple requests in our Helpdesk System and our customer database based on the sender e-mail to better understand your request and your project.
If you use the contact bubble in the right corner, our service provider Help Scout will additionally receive your IP and the help articles you clicked, to help us link your request to your previous requests and to understand what problem you were facing.
Legal basis:
In order to display our website, to ensure the stability and security of the site and to statistically evaluate visits, we collect the data your browser sends to us (IP address, time, browser version, operating system). Additionally, the contact form in the lower right corner is loaded directly from our service provider Help Scout when you load the site. Help Scout is a paid provider which operates under a contract with us. We use “Matomo” to analyze visitors as well as a Web Application Firewall to protect against attacks.
To analyse the flow of visitors we use the tool “Matomo”, which only saves an anonymised IP address (the last block of the IP address is replaced by “0”), the browser used and the pages called up. We operate this ourselves and are not dependent on third parties. The use of cookies is limited to linking search keywords with a successful transaction (“Will visitors who click this ad start a transaction?”).
For some sites, we analyze the usage with so-called “heat maps” in Matomo. These maps show us which area of the page is viewed most and which buttons are clicked most. For example, we can see that only a third of all visitors scroll to the end of a specific page. This data is aggregated across all visitors and does not allow analyzing the scrolling or clicking behavior of single visitors.
We use a web application firewall to protect ourselves from attacks. This firewall uses a blacklist available on our server to ward off harmful attacks. If an attack is detected and blocked, the IP of the attacker is sent to the provider of this blacklist to improve it. The IP will be removed after 90 days by the provider if no further harmful behaviour originates from this IP.
Legal basis:
We use the Google search engine to place advertisements that link to this page. Usually Google Analytics is integrated as a tracking script on websites to monitor the user’s session and measure how they behave. We don’t do so.
Although we do not use Google Analytics, we rely on measuring the success of the ads (“Which ad makes customers buy something?”). When you visit our site through a Google Ads link, the keyword you used to search for us is registered with “Matomo” (see “Website interaction”).
When you visit us, your browser tells us roughly which ad you clicked (e.g. “ISMS templates” or “Consulting”) through so-called “campaign tags” attached to the URL of the ad. We save that information along with the website interaction in “Matomo” to understand which ads are likely to fulfill the expectation and which ads lead a user to leave immediately.
Legal basis:
If you subscribe to the newsletter or an e-mail course on our website, we will store your address in our system in order to send you the corresponding e-mails. We delete these addresses as soon as you unsubscribe from the newsletter.
Legal basis:
If you order any of our services, the information you provide is used to process your order and write an invoice. As we offer subscriptions and user accounts, this information is retained as long as your account exists to allow reordering or renewing your subscription. Your IP address will be saved together with your order to protect us against fraud through incorrect orders.
Legal basis:
Retention: Until you delete your account. Please note that legal storage obligations may extend the period of time during which we store your data because order data, especially invoices, must be retained for about 10 years. In this case, we will restrict the processing of the data and delete it after expiry of the obligation to retain it.
We use the service provider “Stripe” to process your payment. They carry out a risk analysis based on the data entered. The processing of your payment and payment data is the responsibility of this provider. We use this provider to carry out SEPA and credit card payments because we were the target of fraudulent orders in the past. But if you do not feel comfortable with sharing your data with a third party for payment, you can contact us and we will set up a traditional bank transfer for you. In that case, you will pay us directly.
Legal basis:
Retention: Legal storage obligations may extend the period of time during which we store your data because order data, especially invoices, must be retained for about 10 years. In this case, we will restrict the processing of the data and delete it after expiry of the obligation to retain it.
If you have an account, free or paid, you can access the information available to you by using the login data provided (“Subscription”). You can use your account to request renewal of the product or deletion of all your data.
When you use our product, we will record your progress through the training courses in the Academy module to allow you to continue the course at any time where you left off. We also access this progress value in support cases to help understand where you have trouble. If the subscription you ordered expires, your account will not be automatically deleted, so that you can access free content and resume your subscription.
We combine your support requests, your subscription information and your progress in trainings in a single customer database to better understand your project progress and to support you in the best possible way when interacting with us.
You may want to invite your team members to your account; invited team members will therefore also have a profile identified by their e-mail and password. They will also have a profile with public information (like a nickname) for the forum, just like your profile.
If someone reports fraudulent or aggressive behavior, we may look into community messages or posts that are the subject of those reports.
Legal basis:
Retention: As soon as you delete your customer account, we will delete your data from our systems.
If you have an account, you can access our community provided by circle.so where you can access information and participate in discussions. You can manage your public profile directly to set the name under which you want to appear.
As circle.so may collect additional data from your visit (as described in the cookie banner that appears when you visit circle / the community), we understand that you may want to avoid using the community. In that case, please contact us so we can send you documents and other information directly via e-mail.
Legal basis:
Occasionally we may invite customers to video sessions where problems or questions in customer projects are discussed. All customers that participate in those sessions are asked to keep shared information confidential. However, it's still a public forum. If all participants agree, we may record these sessions and share them on the website with other customers.
Legal basis:
Retention: We keep no information on participants. If we record a session, we keep these recordings up to 10 years. If you object to the usage, we will happily remove parts of the clip where you are shown or heard so that you are not identifiable anymore.
Occasionally we may invite customers to write a testimonial about our service. In the form we send out, we ask for your opinion, name, photo and other information.
We use this feedback to improve our service and to share testimonials, with pictures or quotations of parts of them, on our marketing channels like our website. We may translate reviews before sharing them.
Legal basis:
Retention: We keep customer reviews until you request their deletion from us.
A distinction is made between “first party cookies” (cookies that come directly from our website) and “third party cookies” (cookies that come from a third party such as our web analysis service providers) – which are not used by us.
You can delete individual cookies or generally deactivate the use of cookies in your browser. Cookies have certain runtimes; after this time, your browser automatically deletes them.
All cookies used are listed in “Cookies we use”. If a “*” is used, this means that there may be several cookies in your browser, which start with the same character string but serve the same function.
Below you can find a detailed description of the legal basis for the data collection as well as the retention times.
Essential cookies enable basic functions and are necessary for the proper functioning of the website. All cookies are essential for maintaining the correct function of the website and therefore are first-party cookies (delivered by our server).